Sources: www.thinclient.net, www.v-one.com
The Good, the Bad, and the Ugly of Thin Client/Server Computing

Source: www.thinclient.net
What is Thin Client/Server Based Computing?
Definition: “Thin Client”
• The user application is executed on the server and displayed on the client system.
• A thin client terminal need only have sufficient power to render the display of the user session.

Source: www.thinclient.net
How is this Different from Mainframe Computing?
It isn’t, for the most part. The only differences are:
• When it is said that an application is running “Thin Client” or “Server Based”, it merely refers to graphical MS Windows applications versus text-based mainframe applications.
• Ex: MS Office, WordPerfect, Lotus Notes, Netscape… all apps using the familiar GUI from MS Windows.

Source: www.v-one.com
How is this Different from Mainframe Computing? (cont’d)
• Applications run on powerful centralized servers accessing centralized data stores.
• The applications run on multi-user systems.
• Allows users to access applications from PCs and Thin Client terminals with software that provides a virtual desktop.

Sources: www.thinclient.net, www.v-one.com
Benefits of Thin Client/Server Computing
• Ability to access any application from any device, anywhere, over any connection.
• Eases processing burden on the client’s CPU.
• Reduces data transmission lags inherent to remotely connected users.

Source: The Harvard Computing Group
Security Benefits in Thin Client/Server Computing
• No threat of virus introduction because there’s no floppy drive or CD-ROM drive.
• Lack of floppy drive prevents the use of “User ID/Password cracking software.”
• Anti-virus software and virus definitions are maintained on the server.
• Virus propagation minimized without local hard drive.
• Creates a central control of the user environment.

Source: The Harvard Computing Group
Security Benefits in Thin Client (1)
• Does not allow for document storage on a local device, ensuring proper access control and backup.
• No data storage on terminal, reducing risk of inappropriate access to confidential data.
• Reduced hacking by casual users.
• Reduced risk of damage to more expensive hardware.

Source: The Harvard Computing Group
Security Benefits in Thin Client (2)
• Business Continuity:
  • Stems from the server-based storage of data and software.
  • It is literally possible to interrupt an application session and resume the same session from a different physical location on another client.
    • The interrupted session will resume in exactly the same place with the same data on the screen.
    • A Thin Client screen displays results of application processing that happens at the central site, therefore physical location is irrelevant.

Source: The Harvard Computing Group
Security Benefits in Thin Client (3)
Web browser and server software patches and upgrades are only necessary on the server(s), thereby upgrading all clients automatically.
• Significant because a majority of security breaches in the past have been through web browsers and servers.
• Upgrading only the servers reduces the time lag in having the latest security patches up and running.

Security Risks with Thin Client (1)
• Data centers must be fully equipped to deal with both remote and central site problems.
• Local web browsers keep a local memory or cache of recently accessed web pages which, if not removed, will allow access by hackers into the system.

Security Risks with Thin Client (2)
Physical Security:
• Becomes a prime issue because everything is centralized within one central location. An increased need for Guns, Guards, and Gates.

Security Risks with Thin Client (3)
Email:
• “Email security must be addressed through the overall IT strategy and still remains a potential leak for confidential data.” (Newburn 8)

Security Risks with Thin Client (4)
User IDs and Passwords:
• This is an ongoing problem even with education and review of security in mandated workshops.
• Not unusual to find a “Post-It” note attached to a computer or keyboard.

Security Risks with Thin Client (5)
Wireless Devices:
• Intercepting vital transmissions is a minor challenge for someone with knowledge and suitable hardware, such as a wireless protocol analyzer or a laptop equipped with a wireless access card.
• It makes no difference if transmissions stay within the bounds of the facility, because an employee, service contractor, janitor, or other member of the community who has permission to enter the premises can perform snooping or capture network data with a properly equipped PDA (Personal Digital Assistant).

Source: Wireless Security Workshop, UMBC
Security Risks with Thin Client (6)
Wireless Devices:
• ‘Most wireless products conform to the 802.11b encryption standard and also offer an optional encryption technology known as Wired Equivalent Privacy (WEP), but this encryption must be specifically turned on and is not part of the default setup of the system.’ (Cirrota)
• ‘Problem is that WEP is not entirely security proof as it was publicly cracked in 2001.’ (Cirrota)

Security Solutions for Thin Client (1)
• Major server vendors provide high reliability and fail-over options in their current product lines.
• Thin clients that use local browsers are not exempt from the web browser cache problem, but local web browser security settings can be set to eliminate the local cache, which eliminates the risk.

Security Solutions for Thin Client (2)
Simplest solution is to use server-based browsers that do not have this inherent flaw.
• Another solution is to use a software program such as “StayOnline” by stayonline.com that explicitly flushes data from memory-resident cache and also will purge instant messenger-style buddy lists to enhance security.

Security Solutions for Thin Client (3)
Local web browsers keep a local memory or cache of recently accessed web pages which, if not removed, will allow access by hackers into the system.

Security Solutions for Thin Client (4)
Physical Security:
• Security guards should be utilized rather than relying on technology. Technology may be less expensive, but it is not completely foolproof, as it is reactive and not proactive. Also, in the event of an emergency, a human guard can assess the situation and, if necessary, be the last person to leave in the case of a genuine emergency, due to the requirement of having a fail-safe door.

Security Solutions for Thin Client (5)
Physical Security: (cont’d)
• Doors may be secured with biometrics in order to allow only authorized personnel into the computer room.
• Fail-safe doors would have to be employed in order to provide access for anyone within the computer room during a genuine emergency.
• Firewalls used for all four sides to prevent entrance through the plenum of the building.

Security Solutions for Thin Client (6)
Email:
• “Email security will have to be addressed through current means. The current rules of not opening attachments or just securing the email so attachments cannot be accepted will go a long way in securing email.” (Newburn 8)

Security Solutions for Thin Client (7)
User IDs and Passwords:
• The use of smart cards: a smart card is a credit card-sized device containing a microprocessor and memory that can store personal information.
• The user inserts the card into the card reader to gain access to the system.
• In order to prevent the obvious problem of missing and stolen smart cards, biometric identification may also be applied in order to act as a second level of security.

Security Solutions for Thin Client (8)
User IDs and Passwords: (cont’d)
• Best alternatives in biometrics currently are “Iris Scans” or “Thumbprint Scans”.
• Iris Scanners: Use a hardware device that scans the user's eye with regular light and compares the iris color footprint to the scan currently on file. If there is a match, the user is given access. Iris color is unique to every individual and the technology is quite inexpensive at this time due to the falling costs of hardware.

Security Solutions for Thin Client (9)
User IDs and Passwords: (cont’d)
• Iris Scanners: (cont’d)
  • The only way currently to circumvent an iris scan is either to cut the person's eyeball out or to somehow get to the server to alter the iris scan database.
  • Drawback is that they are rather physically intrusive to users because a person has to set their eye up to a device that performs the scan.

Security Solutions for Thin Client (10)
User IDs and Passwords: (cont’d)
• Thumbprint Scanners: These are less obtrusive for users, and there is also less objection by users to using them.
  • The user places their thumb on the scanner and the image is compared to the scan on file.
  • Drawback is the manufacture of “Plastic Thumbs” which have the prints of the user, more than likely the CEO.

Security Solutions for Thin Client (11)
User IDs and Passwords: (cont’d)
• Thumbprint Scanners: (cont’d)
  • Other possibility is cutting the person's thumb off, or again altering the database where the thumbprint data is stored.

Security Solutions for Thin Client (12)
Wireless Security Solutions:
• Inherent problem with encryption technology is that it is computationally intensive. It requires a large number of processor cycles to accomplish the encryption of data.
• “The ICA protocol embedded on most thin client devices can encrypt thin client data streams without any noticeable impact on performance because the underlying protocol places minimal requirements on the device.” (Harvard Computing Group 14-15)

Security Solutions for Thin Client (13)
Wireless Security Solutions: (cont’d)
• ‘Wired Equivalent Privacy Protocol, part of the IEEE 802.11b wireless networking standard for encryption may not necessarily be strong enough, but should not be the exclusive means of protection when data confidentiality is a primary concern, say, as in a hospital when working with patients' medical records’ (Cirrota).

Future Plans and Prescriptions
The 802.11 standards committee of the IEEE along with several vendors and industry consortia are working diligently to augment or replace WEP.
